Chinese mafia organizations garnered upwards of a billion dollars by disseminating deceptive text messages.
American citizens were the targets.
Deceptive SMS messages requesting payments for supposed debts have evolved into a profitable venture operated by criminal organizations hailing from China. According to US investigators, as reported by the BBC, more than $1 billion has been illicitly obtained via this scheme over a span of three years. The scheme utilizes a blend of phishing sites, SIM arrays, and a network of “money mules” who procure goods and gift certificates.
Messages that mimic notifications about overdue tolls, Postal Service invoices, or local fines entice individuals to access fraudulent websites and input their credit card details. The criminal groups then leverage the acquired information to fund electronic wallets and execute supplementary acquisitions, such as iPhones or vouchers.
A sample SMS might read: “E-ZPass's latest notification: An outstanding toll exists… Settle now:” along with a link to a bogus site. The majority of recipients disregard these texts, but those who interact with them are rerouted to deceptive pages requesting their name, card credentials, and temporary passwords. The web pages may also record the victim’s keyboard strokes—data the offenders utilize to connect compromised cards to digital wallets.
Investigators characterize the operation as a highly structured illicit market: overseas networks link server farms that dispatch bulk SMS messages to phishing platforms and “mules” situated in the United States, who convert the purloined funds into cash for a minor commission.
The technological base includes SIM farms—rooms filled with numerous communication devices and SIM cards. They facilitate the distribution of notifications on a grand scale.
“One person inside a room equipped with a SIM farm is capable of transmitting the same quantity of texts as a thousand cellular numbers,” notes Adam Parks, assistant special agent in charge of the investigation at Homeland Security Investigations. The farms are located across the United States, notably Houston, Los Angeles, Phoenix, and Miami.
While foreign orchestrators frequently oversee operations from afar, in the US, they enlist individuals to work on the farms. They enlist people to function as “mules” through WeChat: roughly 400-500 such operatives are engaged on a daily basis, earning roughly $0.12 for each $100 gift certificate secured.
The illicit funds are frequently transformed into vouchers or products, which are subsequently dispatched to China and traded there. According to Parks, “all of these proceeds flow to Chinese organized crime syndicates.”
The primary strategy of the scheme involves adding compromised cards to Google or Apple electronic wallets in Asia, and subsequently “disseminating” these cards to devices in the US, where operatives execute contactless transactions. This approach establishes a “virtual conduit” between the device in China and the device in the US, enabling payments with a solitary tap.
“The addition of these cards to digital wallets is so effective that it eliminates the need for numerous authentications,” cautions Ford Merrill, a researcher at SecAlliance.
Analysts at Proofpoint are observing a substantial surge in the prevalence of phishing SMS messages. Last month, American residents documented a record elevation of 330,000 fraudulent messages in a single day. The average monthly quantity of such SMS messages is currently roughly 3.5 times greater than in January 2024, signaling a notable heightening of the danger.
Legal proceedings have already revealed instances of similar schemes. In Kentucky, Chinese national Heng Ying admitted guilt, asserting he acquired 70 vouchers valued at $4,825 utilizing 107 distinct credit cards integrated into his device's Tap-to-Pay feature. To mask the transactions, he positioned them behind larger commodities at self-service checkout kiosks.
Recently, the Wenzhou People's Court in China condemned 11 members of the prominent Myanmar Min family to capital punishment for their participation in online deceit and unlawful gambling enterprises totaling in excess of $1.4 billion. The ring is accused of deploying “paramilitary forces” and assassinating 14 individuals, including laborers who endeavored to flee or disobeyed orders.
